Video: ST 2110 Testing Fundamentals

When you’ve chosen to go IP in your facility using ST 2110, you’ll need to know how to verify it’s working correctly, how to diagnose problems and have the right tools available. Vendors participate in several interop tests a year, so we can learn from how they set up their tests and the best practices they develop.

In this talk, Jean Lapierre explains what to test for and the types of things that typically go wrong in ST 2110 systems with PTP. Jean starts by talking about the parts of 2110 which are tested and the network and timing infrastructure which forms the basis of the testing. He then starts to go through problems to look for in deployments.

Jean talks about testing that IGMPv3 multicasts can be joined and then looks at checking the validity of SDP files which can be done by visual inspection and also SDPoker. A visual inspection is still important because whilst SDPoker checks the syntax, there can be basic issues in the content. 2022-7 testing is next. The simplest test is to turn one path off and check for disturbances, but this should be followed up by using a network emulator to deliver a variety of different types of errors of varying magnitudes to ensure there are no edge cases.

ST 2110 uses PTP for timing so, naturally, the timing system also needs to be tested. PTP is a bi-directional system for providing time to all parts of the network instead of a simple waterfall distribution of a centrally created time signal like black and burst. Whilst this system needs monitoring during normal operation, it’s important to check for proper grandmaster failover of your equipment.

PTP is also important when doing 2110 PCAPs in order to have accurate timing and to enable analysis with the EBU’s LIST project. Jean gives some guidelines on using and installing LIST and finishes his talk outlining some of the difficulties he has faced, providing tips on what to look out for.

Watch now!
Speakers

Jean Lapierre Jean Lapierre
Senior Director of Engineering,
Matrox

Video: Securing Your Network with Firewall Tech

As true for corporate networks as for broadcast networks, security needs to underpin everything we do to ensure the smooth running of service, that ransomware is kept out and that our data is kept in. This doesn’t mean every device has to have every security feature turned up to 11, it means that security – and which threats need to be protected against – have been thought through at the system level.

Such importance has security in broadcast facilities, that we see it as the foundational layer of the EBU’s Technology Pyramid. We see SMPTE ST 2110 at the top and whilst this is seen as the ‘business end’, it’s not practical without all that underpins it; the system timing, the NMOS protocols and the security practices.

In this video, Ray Scites explains the threats to networks and challenges the audience to take them seriously showing how mitigations can be implemented. He explains some of the common attacks on networks, both technical and human. Human attacks are phishing attacks which effectively simply ask for the details. Starting with asking for seemingly innocuous information like “Is Donald available today?” and building on knowing that someone is away to put on pressure to hand over information “Donald told me this needs doing right now or the $1,000 deposit will be lost.” With enough small information providing the context, people can be tricked into thinking that an attacker is legitimately doing business and their requests complied with.

To supplement the human element, vulnerabilities can be used. Ray highlights that it’s not just Windows 10 that needs updates, the CVE list of vulnerabilities shows that just this year over 40 security issues with Netgear devices have been publicly reported; all elements in the network need to be kept up to date.

Ray looks at the levels of firewall available from the basic features such as port blocking and forwarding to advanced, like intrusion detection and deep-packet-inspection. The latter technology being where packets are not just forwarded, but read to determine their payload and make firewall decisions based upon the contents. He then explains how port forwarding and NAT (Network Address Translation) work in firewalls.

The cloud offloads all the functionality, but none of the liability.

Ray Scites
An important takeaway from this video is that moving infrastructure and/or data to the cloud can be a great move for your company’s workflow, IT overheads and costs but it doesn’t solve all your security issues. Your responsibility is still to implement secure practices both in the office and in the cloud. Whilst the job may be easier now as it may be someone else’s responsibility to update OSes or other software, you are still the one responsible for data breaches and for ensuring that your security coverage is complete.

Ray finishes by showing a brute-force password attack in real time and answering questions covering how to implement security around hardware devices which had no security features, using remote PC terminals to maintain security and whether attacks are on the increase.

Watch now!
Speaker

Ray Scites Ray Scites
KNL Consulting Services

Video: How to build two large Full-IP OB trucks (during COVID-19)

It’s never been easy building a large OB van. Keeping within axel weight, getting enough technology in and working within a tight project timeline, not to mention keeping the expanding sections cool and water-tight is no easy task. Add on that social distancing thanks to SARS-CoV-2 and life gets particularly tricky.

This project was intriguing before Covid-19 because it called for two identical SMPTE ST-2110 IP trucks to be built, explains Geert Thoelen from NEP Belgium. Both are 16-camera trucks with 3 EVS each. The idea being that people could walk into truck A on Saturday and do a show then walk into truck B on Sunday and work in exactly the same show but on a different match. Being identical, when these trucks will be delivered to Belgium public broadcaster RTBF, production crews won’t need to worry about getting a better or worse truck then the other programmes.. The added benefit is that weight is reduced compared to SDI baseband. The trucks come loaded with Sony Cameras, Arista Switches, Lawo audio, EVS replays and Riedel intercoms. It’s ready to take a software upgrade for UHD and offers 32 frame-synched and colour-corrected inputs plus 32 outputs.

Broadcast Solutions have worked with NEP Belgium for many years, an ironically close relationship which became a key asset in this project which had to be completed under social distancing rules. Working open book and having an existing trust between the parties, we hear, was important in completing this project on time. Broadcast Solutions separated internet access for the truck to access the truck as it was being built with 24/7 remote access for vendors.

Axel Kühlem fro broadcast solutions address a question from the audience of the benefits of 2110. He confirms that weight is reduced compared to SDI by about half, comparing like for like equipment. Furthermore, he says the power is reduced. The aim of having two identical trucks is to allow them to be occasionally joined for large events or even connected into RTBF’s studio infrastructure for those times when you just don’t have enough facilities. Geert points out that IP on its own is still more expensive than baseband, but you are paying for the ability to scale in the future. Once you count the flexibility it affords both the productions and the broadcaster, it may well turn out cheaper over its lifetime.

Watch now!
Speakers

Axel Kühlem Axel Kühlem
Senior System Architect
Broadcast Solutions
Geert Thoelen Geert Thoelen
Technical Director,
NEP Belgium

Video: IP Fundamentals For Broadcast Seminar IV

“When networking gets real”, perhaps, could have been the title of this last of 4 talks about IP for broadcast. This session wraps up a number of topics from the classic ‘TCP Vs. UDP’ discussion to IPv6 and examines the switches and networks that make up a network as well as the architecture options. Not only that, but we also look at VPNs and firewalls finishing by discussing some aspects of network security. When viewed with the previous three talks, this discusses many of the nuances from the topics already covered bringing in the relevance of ‘real world’ situations.

Wayne Pecena, President of SBE, starts by discussing subnets and collision domains. The issue with any NIC (Network Interface Controller) is that it’s not to know when someone else is talking on the wire (i.e. when another NIC is sending a message by changing the voltage of the wire). It’s important that NICs detect when other NICs are sending messages and seek to avoid sending while this is happening. If this does’t work out well, then two messages on the same wire are seen as a ‘collision’. It’s no surprise that collisions are to be avoided which is the starting point of Wayne’s discussion.

Moving from Layer 2 to Layer 4, Wayne pits TCP against UDP looking at the pros and cons of each protocol. Whilst this is no secret, as part of the previous talks this is just what’s needed to round the topic off ahead of talking about network architecture.

“Building and Securing a Segmented IP Network Infrastructure” is the title of the next talk which starts to deal with real-world problems when an engineer gets back from a training session and starts to actually specify a network herself. How should the routers and switches be interconnected to deliver the functionality required by the business and, as we shall see, which routers/switches are actually needed? Wayne discusses some of the considerations of purchasing switches (layer 2) and routers (layer 3 & 2) including the differing terms used by HP and Cisco before talking about how to assign IP addresses, also called an IP space. Wayne takes us through IP addressing plans, examples of what they would look like in excel along with a lot of the real-world thinking behind it.

Security is next on the list, not just in terms of ‘cybersecurity’ in the general sense but in terms of best practice, firewalls and VPNs. Wayne takes a good segment of time out to discus the different aspects of firewalls – how they work, ACLs (Access-control Lists), and port security amongst other topics before doing the same for VPNs (Virtual Private Networks) before making the point that a VPN and a firewall are not the same. A VPN allows you to extend a network out from a building to be in another – the typical example being from your work’s address into your home. Whilst a VPN is secured so that only certain people can extend the network, a firewall more generally acts to prevent anything coming into a network.

As an addendum to this talk, Wayne explains IPV4 depletion and how IPv6 addressing works. In practice, for broadcasters deploying within their company in the year 2020, IPv6 is unlikely to be a topic needed. However, for people who are distributing to homes and working closer with CDNs and ISPs, there is a chance that this information is more relevant on a day-to-day basis. Whilst IP address depletion is a real thing, since every company has a 10.x.x.x address space to play with, most companies use internal equipment with an IPv4 address plan.
Watch now!
Speaker

Wayne Pecena Wayne Pecena
Director of Engineering, KAMU TV/FM at Texas A&M University
President, Society of Broadcast Engineers AKA SBE